06/20/2007 WED 15:23 FAX 7035185499 



RECEIVED 

CENTRAL FAX CENTER 



121010/012 



• i 



JUN 2 0 2007 



Application No,: 10/697,641 



Docket No,: 200309346-2 (1509-452) 



REMARKS 



Reconsideration and allowance of the subject application in view of the foregoing 
amendments and the following remarks is respectfully requested. 



Claims 1 '— 24 remain pending in the application. 

Claims 1-11, 14-24 are rejected under 35 USC 102(b) as being anticipated by 
Douglas (US PGPUB No. 20040049693). In response, independent claims 1, 7, 10, 12, 
14, 17, 21 and 23 have been amended and are believed to be patentably 
distinguishable from Douglas for the reasons discussed below. 

The present invention is solving a very different problem than Douglas. 
Douglas's intention is to protect the network in machines by detecting and filtering 
information about attack events. And regards network security the present Invention is 
about collection and storing events from multiple devices and sending them to a central 
database to analyze the event. The present invention Is not just security related, but is 
applicable to all offense. In Douglas, because the system is concerned with detecting 
intrusion quickly, the event logs are filtered as stated in Douglas [0004] "(b) passing the 
event data to a plurality of configured modules on the host computer, in serial fashion, 
that alter the contents of the event data that is to be reported to form filtered event data 
or that discard the event not considered of value to report; and (c) passing all the filtered 
event data to a second plurality of configured modules for providing notification of the 
intrusion or intrusion attempts." 

Independent claims 1, 7, 10, 12, 14, 17, 21 and 23 have been amended to 
emphasize that the entirely of events are analyzed since the last analysis of the local 
event logs. For least these reasons, the independent claims should be patentable over 
Douglas. Dependent claims to 2 - 6, 8 - 9, 11, 13, 15 - 16, 18 - 20 v 21 - 22 and 24 
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recite additional, important limitations and should be patentable over Douglas for the 
reasons discussed with respect to the independent claims as well as on their own 
merits. 

Claims 12 and 13 are rejected under 35 USC 103(a) as being unpatentable over 
Douglas in view of Kate et al. (US PGPUB No. 200 20062259). In response, claim 12 
has been amended and is believed to be patentable over this combination of references 
for the reasons discussed below. 

Katz does not overcome the deficiencies discussed above with respect to 
Douglas. Applicant respectfully disagrees with the reasons advanced with respect to 
why these two references can be combined. These two references are from completely 
different environments and are from non-analogous arts. Further, Katz merely monitors 
and detects new devices added to the network as opposed to running analysis of events 
and providing alerts based on these events. Accordingly, the obviousness rejection 
should be withdrawn. 

All objections and rejections having been addressed Applicant respectfully submits 
that the application is in condition for allowance and a Notice to that effect is earnestly 
solicited. 

The Examiner is invited to telephone the undersigned, Applicant's attorney of 
record, to facilitate advancement of the present application. 
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To the extent necessary, a petition for an extension of time under 37 C.F.R. 1.136 
is hereby made. Please charge any shortage in fees due in connection with the filing of 
this paper, including extension of time fees, to Deposit Account 07-1337 and please credit 
any excess fees to such deposit account. 



1700 Diagonal Road, Suite 300 

Alexandria, Virginia 22314 

(703)684-1111 

(703) 518-5499 Facsimile 

Date: June 20, 2007 

KMB/cac 



Respectfully submitted, 

LOWE HAUPTMAN & BERNER, LLP 




Kenneth M. Berner 
Registration No. 37,093 
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